diff --git a/defaults/main.yml b/defaults/main.yml
index 17c48c6..491e6ce 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,9 +2,6 @@
 vault_image: "docker.io/hashicorp/vault:latest"
 vault_url: "http://localhost:8200"
-vault_restart_policy: always
-vault_service_stopped: False
-
 vault_config_volume: "vault-config"
 vault_data_volume: "vault-data"
@@ -20,8 +17,10 @@ vault_data_volume: "vault-data"
 vault_volumes:
 - name: "{{ vault_config_volume }}"
 dest: /vault/config
+ opts: Z
 - name: "{{ vault_data_volume }}"
 dest: /vault/file
+ opts: Z
 # @var vault_network:description: >
 # Name of the container network. If the name ends with `.network`, the network will be created with the specified configuration.
diff --git a/templates/etc/containers/systemd/vault.container.j2 b/templates/etc/containers/systemd/vault.container.j2
index 2f14049..eceb785 100644
--- a/templates/etc/containers/systemd/vault.container.j2
+++ b/templates/etc/containers/systemd/vault.container.j2
@@ -15,7 +15,7 @@ ContainerName={{ __vault_container_name }}
 Exec=/usr/local/bin/docker-entrypoint.sh server
 EnvironmentFile=/etc/containers/systemd/vault.env
 {% for item in vault_volumes %}
-Volume={{ item.name }}:{{ item.dest }}:Z
+Volume={{ item.name }}:{{ item.dest }}{{ ":" + item.opts if item.opts is defined else "" }}
 {% endfor %}
 {% if vault_cap_add | length > 0 %}
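Review bot: The `opts` key added to both `vault_volumes` entries in defaults/main.yml is not documented anywhere in this hunk, yet it now carries the SELinux relabel that the template used to hard-code. A comment above `vault_volumes` such as `# opts: comma-separated mount options appended to Volume=; Z applies a private SELinux label, omitting it mounts the volume without relabeling` would tell anyone overriding the list that they have to carry `opts: Z` forward. Any existing `@var` description for `vault_volumes` sits outside the hunk and may need the same addition.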
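Review bot: The new `Volume=` line in vault.container.j2 fails open: a `vault_volumes` entry without an `opts` key now renders with no SELinux relabel option at all, where the old template always appended `:Z`. Inventories that already override `vault_volumes` would silently lose the private label on the Vault config and data volumes after upgrading, which on an SELinux-enforcing host presumably weakens their isolation from other containers. An `opts` value that is defined but empty would also render a trailing colon. Keeping the previous behaviour as the default avoids both, e.g. `Volume={{ item.name }}:{{ item.dest }}:{{ item.opts | default('Z', true) }}`, with a documented explicit value for callers who really need a mount without relabeling.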